Switched to moodle param validation

PMKuipers 2024-11-01 18:03:44 +01:00
parent 6b707cc595
commit 5e3d610451


@ -51,23 +51,20 @@ foreach ($mappings as $cfg) {
} }
print $OUTPUT->header(); print $OUTPUT->header();
print "<pre>";
print $CFG->gradebookroles;
print "</pre>";
if ($_POST["action"] == "update") { $action = optional_param("action","",PARAM_TEXT);
if ($action == "update") {
// First loop through the scales to see which need to be updated. // First loop through the scales to see which need to be updated.
foreach ($scales as $scale) { foreach ($scales as $scale) {
if (array_key_exists($scale->id, $scalecfgs)) { if (array_key_exists($scale->id, $scalecfgs)) {
$scalecfg = $scalecfgs[$scale->id]; $scalecfg = $scalecfgs[$scale->id];
$needupdate = false; $needupdate = false;
foreach (["min_progress", "min_completed"] as $handle) { foreach (["min_completed"] as $handle) {
$key = "s_{$scale->id}_{$handle}"; $key = "s_{$scale->id}_{$handle}";
if (array_key_exists($key, $_POST) && is_numeric($_POST[$key])) { if (($v = optional_param($key, null, PARAM_INT)) !== null) {
$value = intval($_POST[$key]); if ($v != $scalecfg->$handle) {
if ($value != $scalecfg->$handle) { $scalecfg->$handle = $v;
$scalecfg->$handle = $value;
$needupdate = true; $needupdate = true;
} }
} }
@ -79,10 +76,10 @@ if ($_POST["action"] == "update") {
} else { } else {
$scalecfg = (object)[ "scale_id" => $scale->id]; $scalecfg = (object)[ "scale_id" => $scale->id];
$requireinsert = false; $requireinsert = false;
foreach (["min_progress", "min_completed"] as $handle) { foreach (["min_completed"] as $handle) {
$key = "s_{$scale->id}_{$handle}"; $key = "s_{$scale->id}_{$handle}";
if (array_key_exists($key, $_POST) && is_numeric($_POST[$key])) { if (($v = optional_param($key, null, PARAM_INT)) !== null) {
$scalecfg->$handle = intval($_POST[$key]); $scalecfg->$handle = $v;
$requireinsert = true; $requireinsert = true;
} }
} }
@ -98,39 +95,36 @@ if ($_POST["action"] == "update") {
$deletelist = []; $deletelist = [];
foreach ($gradecfgs as $gradecfg) { foreach ($gradecfgs as $gradecfg) {
$deletekey = "g_{$gradecfg->grade_points}_delete"; $deletekey = "g_{$gradecfg->grade_points}_delete";
if (array_key_exists($deletekey, $_POST) && boolval($_POST[$deletekey]) === true) { $dval = optional_param($deletekey, "", PARAM_TEXT);
if (in_array(strtolower($dval),["on","true"])) {
$DB->delete_records(GRADECFG_TABLE, ["id" => $gradecfg->id]); $DB->delete_records(GRADECFG_TABLE, ["id" => $gradecfg->id]);
$deletelist[] = $gradecfg; $deletelist[] = $gradecfg;
} else { } else {
foreach (["min_progress", "min_completed"] as $handle) { foreach (["min_completed"] as $handle) {
$key = "g_{$gradecfg->grade_points}_{$handle}"; $key = "g_{$gradecfg->grade_points}_{$handle}";
if (array_key_exists($key, $_POST) && is_numeric($_POST[$key])) { $gradecfg->$handle = optional_param($key, null, PARAM_LOCALISEDFLOAT);
$gradecfg->$handle = floatval($_POST[$key]); if ($gradecfg->$handle !== null) {
$DB->update_record(GRADECFG_TABLE, $gradecfg);
// Reload to ensure proper rounding is done.
$gradecfgs[$gradecfg->grade_points] = $DB->get_record(GRADECFG_TABLE, ['id' => $gradecfg->id]);
} }
} }
$DB->update_record(GRADECFG_TABLE, $gradecfg);
// Reload to ensure proper rounding is done.
$gradecfgs[$gradecfg->grade_points] = $DB->get_record(GRADECFG_TABLE, ['id' => $gradecfg->id]);
} }
} }
foreach ($deletelist as $gradeconfig) { foreach ($deletelist as $gradeconfig) {
unset($gradecfgs[$gradecfg->grade_points]); unset($gradecfgs[$gradeconfig->grade_points]);
} }
unset($deletelist); unset($deletelist);
// And add an optionally existing new gradepoint setting. // And add an optionally existing new gradepoint setting.
if (array_key_exists("g_new_gradepoints", $_POST) if (($gp = optional_param("g_new_gradepoints", null, PARAM_INT)) !== null) {
&& !empty($_POST["g_new_gradepoints"])
&& is_numeric($_POST["g_new_gradepoints"]) ) {
$gp = intval($_POST["g_new_gradepoints"]);
if (!array_key_exists($gp, $gradecfgs)) { if (!array_key_exists($gp, $gradecfgs)) {
$gradecfg = (object)[ "grade_points" => $gp]; $gradecfg = (object)[ "grade_points" => $gp];
$requireinsert = false; $requireinsert = false;
foreach (["min_progress", "min_completed"] as $handle) { foreach (["min_progress", "min_completed"] as $handle) {
$key = "g_new_{$handle}"; $key = "g_new_{$handle}";
if (array_key_exists($key, $_POST) && is_numeric($_POST[$key])) { if (($v = optional_param($key, null, PARAM_LOCALISEDFLOAT)) !== null) {
$gradecfg->$handle = floatval($_POST[$key]); $gradecfg->$handle = $v;
$requireinsert = true; $requireinsert = true;
} }
} }
@ -146,7 +140,7 @@ if ($_POST["action"] == "update") {
} }
// Process all available scales and load the current configuration for it. // Process all available scales and load the current configuration for it.
$data = []; $data = [];
foreach ($scales as $scale) { foreach ($scales as $scale) {
$scale->load_items(); $scale->load_items();
@ -205,7 +199,6 @@ print html_writer::tag("input", null, ['name' => "action", 'value' => 'update',
$table = new html_table(); $table = new html_table();
$table->id = ""; $table->id = "";
$table->attributes['class'] = 'generaltable m-roomtable'; $table->attributes['class'] = 'generaltable m-roomtable';
$table->tablealign = 'center';
$table->head = []; $table->head = [];
$table->data = $data; $table->data = $data;
$table->head[] = get_string('scale'); $table->head[] = get_string('scale');
@ -253,7 +246,6 @@ $data[] = $row;
$table = new html_table(); $table = new html_table();
$table->id = ""; $table->id = "";
$table->attributes['class'] = 'generaltable m-roomtable'; $table->attributes['class'] = 'generaltable m-roomtable';
$table->tablealign = 'center';
$table->head = []; $table->head = [];
$table->data = $data; $table->data = $data;
$table->head[] = get_string('grade_points', 'local_treestudyplan'); $table->head[] = get_string('grade_points', 'local_treestudyplan');
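Review bot: The update branch opened by `if ($action == "update") {` goes straight to `$DB->update_record()` and `$DB->delete_records()` with no session-key check visible in these hunks. Because `optional_param()` falls back to the query string when a name is not in the POST body, the switch away from `$_POST` means the same writes can now be driven by a plain GET request, which widens the cross-site request forgery exposure of this admin page. Unless a check already exists in the lines these hunks do not show, I would make `require_sesskey();` the first statement inside that branch. The form that emits the hidden `action` input should also carry a hidden `sesskey` field with the value of `sesskey()`; the rest of that form lies outside the visible hunks, so this needs confirming there.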